This invention relates to internet security, and more particularly, to a method of providing such security which complements and significantly enhances existing web security strategies. The method of the invention minimizes the impact of a security breach which has already occurred, by providing a pre-emptive damage control which keeps the user's customers or clients from knowing their web site security had been compromised. The invention ensures that any hacker-perpetrated changes in content or function of a targeted web site are immediately identified and blocked from executing any unauthorized operation which would adversely affect people accessing the web pages. The method of the invention also allows for quick substitution of the original, legitimate code and content for faster recovery and minimal downtime of the web site. The method of the invention is based upon a concept of “Transform To Unique State” or TRUST of the files and program codes making up the content of a web site. This TRUST approach differs significantly from other commercially available web site security products.
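The detect-and-restore idea described above, as an added Python illustration that is not the patent's own implementation: a SHA-256 baseline is taken from a known-good copy of the site, the served tree is checked against it, and every deviation (a modified, missing, or planted file) is corrected from the pristine copy. The directory names, file names and file contents in `demo()` are constructed for this example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def _sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): _sha256(p) for p in root.rglob("*") if p.is_file()}

def verify(root, baseline):
    """Compare the served tree against the baseline and report every deviation."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

def restore(root, pristine, report):
    """Put the served tree back into its known-good state from the pristine copy."""
    for rel in report["added"]:  # planted files are deleted rather than served
        Path(root, rel).unlink()
    for rel in report["modified"] + report["missing"]:
        dst = Path(root, rel)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(pristine, rel), dst)

def demo():
    """Constructed scenario: deface, delete and plant files, then detect and restore."""
    work = Path(tempfile.mkdtemp())
    pristine, served = work / "pristine", work / "served"
    pristine.mkdir()
    (pristine / "index.html").write_text("<h1>Welcome</h1>\n")
    (pristine / "order.js").write_text("submitOrder();\n")
    shutil.copytree(pristine, served)
    baseline = build_baseline(pristine)
    (served / "index.html").write_text("<h1>Defaced</h1>\n")  # simulated defacement
    (served / "order.js").unlink()  # simulated deletion
    (served / "planted.txt").write_text("unauthorized\n")  # simulated planted file
    report = verify(served, baseline)
    restore(served, pristine, report)
    after = verify(served, baseline)
    shutil.rmtree(work)
    return report, after
```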
Any company or organization wishing to be taken seriously in its industry or marketplace now must have a web presence that is credible and representative of the image that the company wishes to project to customers, investors, employees, and others. The web page, because of its immediate availability, is typically now the first line of inquiry about a company and its products or services. Web sites have reached a level of sophistication and functionality that has led businesses to regard them as far more than simple platforms for conveying information about the company and its products. Typical services managed through the web now include processing web-based sales, providing metered services for a fee, serving as a portal for government and private-sector professionals to perform document sharing/review, schedule appointments, net meetings, and other internal business processes, acting as a fund-raising platform for non-profit organizations, accessing libraries and other databases or information repositories, serving as a front end for relational databases, and authorizing and consummating brokered financial transactions.
Companies now transact substantial portions of their commercial activities directly over the web. For this reason, private and public sector entities have invested substantial sums in creating web site content, programming elaborate business processes for internet deployment, purchasing powerful servers and network equipment, and organizing operations to ensure a web site remains available “24/7” with no down-time.
Unfortunately, the web has proven vulnerable to a variety of attacks perpetrated by individuals or organizations for mischievous or malicious purposes. Web sites are routinely subjected to a variety of probes searching for unprotected ports or previously planted “Trojan Horse” executables which provide an avenue for an intruder to commandeer all or part of a web site's function. In a number of highly publicized cases, major electronic commerce sites have been effectively shut down by broad-based attacks. Often the server software, which powers the web site, has itself been utilized as the platform for replicating and perpetuating disruptive attacks. In addition, one system's vulnerability can have a ripple effect throughout the web as that server's resources become the vector for attacking or infecting other web servers.
In its most benign form, a hacker substitutes an inappropriate web page for the legitimate web content a business intends to display for its clients or users. However, even this simple form of attack has grave consequences, because the attacker is sabotaging the planned function of the web page and disrupting those transactions or business processes that would otherwise take place.
More insidious attacks include the substitution of code aimed at collecting information for subsequent illegal and fraudulent purposes; the introduction of surreptitious interrupts and intercepts; commandeering system resources for malicious purposes, such as using the web server as a replication platform for virus transmittal or denial-of-service attacks; and subtle alterations aimed at introducing parasitic code agents. Such agents could circumvent normal encryption measures by passing information out from the server to listening sites, cause transactions which are apparently completed to instead “dead-end”, change distribution of a “for-fee” product or service to a “for-free” one, open vulnerabilities in business-critical back-end RDBMS by allowing review of the back-end code so that key information such as user IDs, passwords, data structures, server IP addresses, etc., can be picked off, and provide an avenue for gathering information on system architecture or even establishing an ongoing beachhead for penetration of underlying data systems.
The costs of this vulnerability include the opportunity costs of lost transactions, the loss of clients and customers due to transactions going wrong, and the loss of clients and customers because of lost confidence in the web site owner. Secure, private transactions are the minimum expectation and highest sensitivity for customers using e-commerce. This barrier (i.e., secure and private transactions) has taken a while to overcome, even with the significant convenience of ordering on-line. This confidence is also quick to go, with a breached system being the scapegoat and target for customers' frustration and sense of violation.
A security breach is intensely disruptive to the normal operations of a company's IT department. It sets back plans, disrupts normal routines, and derails resources. Companies that have suffered a breach tend to react impulsively and in a paranoid fashion, with the result that the attack is magnified beyond the actual damage which has been suffered. Companies also often over-react by throwing money and resources immediately and haphazardly at the problem, rather than sorting through the problem rationally and with a measured approach.
The principal protections in current web deployments are tools that monitor incoming traffic to the web server and review outgoing hypertext transfer protocol (http) materials returned by the web server to a client browser. These tools are generally awkward in use and do not effectively protect against system vulnerabilities that do not enter through the web server (e.g., NIMDA, Code Red). Maximum protection is diametrically opposed to maximum accessibility for legitimate users in current web server/browser configurations. Ports cannot be closed without concomitant restrictions on their ease of access. IP address restrictions are also a barrier to free, unhampered access by new customers, as well as being difficult to administer. Adding password protection both increases administrative burdens on the systems and places a significant obstacle to a first time customer who may connect only once with the page before making a buying decision. Waiting for a password may quash a sale before it can happen.
A variety of protection strategies are currently available for companies seeking to protect their web pages. The principal focus of these tools has been the interaction between web server software (e.g. Microsoft Internet Information Server [IIS]) and the web browser software (e.g. MS Internet Explorer, Netscape Navigator) residing on the customer's personal computer or device. Interaction between the company web site and the customer is bi-directional and utilizes http. The customer activates the dialogue by submitting a uniform resource locator (URL) string containing the desired web site address. The company web server at that site responds with a combination of hypertext markup language and code via http. This stream of information is, in turn, interpreted by the customer's browser software and rendered graphically as a web page display.
The security products currently available fall into several categories which include software that filters incoming web traffic, software that looks for suspicious changes in the out-bound http streams returned by the company's web server, protections inherent in the web server and operating system software (including simple encoding schemes or a compilation of source code), multiple server architectures that rely upon the complexity of serial barriers to thwart intruders, and monitors that constrain access by filtering “incoming” traffic based on the originating IP address or type of interaction. These products typically monitor, even block, ports which are the gateways into and out of any server attached to the internet. More expensive and elaborate approaches to web site security combine these filters with a complex layering of servers, proxies, and user-specific access controls.
These products have a number of disadvantages. They are expensive, elaborate to maintain, and do not address flanking maneuvers such as emailed agents and lateral intrusions. Further, they are primarily directed at access control rather than neutralizing intended damage and disruption. Recognition is not instantaneous. Recovery can be very complex. All these techniques aim to prevent a hacker from ever reaching the functions and files that lie behind the web server, and they do so by monitoring or blocking the ports which serve as the gateways in and out of any server attached to the internet, in the more elaborate cases combined with the layering of servers, proxies, and user-specific access controls described above. Recent history shows that web sites are constantly bombarded with attacks, and defenses are breached with regularity. When a company's web site is altered, the exploited vulnerability often becomes known only when customers begin complaining about lack of normal functions or highly visible defacements.